Risk Scoring Based On Endpoint User Activities

US 20100125911A1
Filed: 06/19/2009
Published: 05/20/2010
Est. Priority Date: 11/17/2008
Status: Abandoned Application

First Claim

Patent Images

1. A computer implemented method of determining risk involved in activities performed by a user of resources of an organization, comprising the steps of:

creating a plurality of group risk ranking profiles and security policies for usage of said resources of said organization, wherein said user is associated with one or more of said group risk ranking profiles;

tracking activities of the user in the organization by a security client application provided on a computing device of the user;

generating an end risk score for the user for each of said associated group risk ranking profiles, comprising the steps of;

assigning points to said tracked activities of the user based on each of the associated group risk ranking profiles, wherein said assigned points are aggregated to generate a first risk score; and

modifying said assigned points of the tracked activities of the user at different levels based on a plurality of predefined rules, wherein said modified points are aggregated to generate said end risk score;

whereby said generated end risk score determines said risk involved in said activities performed by the user in the organization.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein is a computer implemented method and system for ranking a user in an organization based on the user'"'"'s information technology related activities and arriving at an end risk score used for determining the risk involved in activities performed by the user and for other purposes. Group risk ranking profiles and security policies for usage of the organization'"'"'s resources are created. The user is associated with one or more group risk ranking profiles. A security client application tracks the user'"'"'s activities. Points are assigned to the user'"'"'s tracked activities based on each of the associated group risk ranking profiles. The assigned points are aggregated to generate a first risk score. The assigned points of the user'"'"'s tracked activities are modified at different levels based on predefined rules. The modified points are aggregated to generate the end risk score which is used for compliance and governance purposes, optimizing resources, etc.

397 Citations

21 Claims

1. A computer implemented method of determining risk involved in activities performed by a user of resources of an organization, comprising the steps of:
- creating a plurality of group risk ranking profiles and security policies for usage of said resources of said organization, wherein said user is associated with one or more of said group risk ranking profiles;
  
  tracking activities of the user in the organization by a security client application provided on a computing device of the user;
  
  generating an end risk score for the user for each of said associated group risk ranking profiles, comprising the steps of;
  
  assigning points to said tracked activities of the user based on each of the associated group risk ranking profiles, wherein said assigned points are aggregated to generate a first risk score; and
  
  modifying said assigned points of the tracked activities of the user at different levels based on a plurality of predefined rules, wherein said modified points are aggregated to generate said end risk score;
  
  whereby said generated end risk score determines said risk involved in said activities performed by the user in the organization.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer implemented method of claim 1, wherein the generated end risk score is used for identifying violations of said security policies of the organization by the user.
  - 3. The computer implemented method of claim 1, wherein each of the group risk ranking profiles comprises a threshold range, wherein the end risk score of the user is compared with said threshold range for identifying violations and deviations from said security policies by the user.
  - 4. The computer implemented method of claim 1, wherein said predefined rules are associated with type of the tracked activities, one of sequence and patterns of the tracked activities, date and time of the tracked activities, and quantity and type of data associated with the tracked activities.
  - 5. The computer implemented method of claim 1, wherein said step of modifying the assigned points at said different levels comprises one or more of the steps of:
    - modifying the assigned points at a first level based on one of sequence and patterns of the tracked activities;
      
      modifying the assigned points at a second level based on date and time of the tracked activities; and
      
      modifying the assigned points at a third level based on quantity of data and type of data associated with the tracked activities.
  - 6. The computer implemented method of claim 1, further comprising the step of selecting a time frame for generating the end risk score of the user, wherein the end risk score is generated for said selected time frame.
  - 7. The computer implemented method of claim 1, further comprising the step of storing the tracked activities and the generated end risk score of the user in a log database.
  - 8. The computer implemented method of claim 1, further comprising the step of calculating deviation of the generated end score of the user from one or more previously generated end risk scores of the user for a selected time frame for identifying violations of said security policies by the user.
  - 9. The computer implemented method of claim 1, further comprising the step of displaying a report comprising the generated end risk score of the user for each of the associated group risk ranking profiles.

10. A computer implemented system for determining risk involved in activities performed by a user of resources of an organization, comprising:
- a security client application on a computing device of said user, wherein said security client application comprises a tracking module for tracking activities of the user in said organization;
  
  a risk management server comprising;
  
  a group risk ranking profile creation module for creating a plurality of group risk ranking profiles and security policies for usage of said resources of the organization, wherein the user is associated with one or more of said group risk ranking profiles;
  
  a scoring engine for generating an end risk score for the user for each of said associated group risk ranking profiles, where said scoring engine comprises;
  
  a points assignment module for performing the steps of;
  
  assigning points to said tracked activities of the user based on each of the associated group risk ranking profiles; and
  
  modifying said assigned points of the tracked activities of the user at different levels based on a plurality of predefined rules; and
  
  a score aggregation module for aggregating said points assigned to the tracked activities of the user to generate a first risk score, and for aggregating said modified points to generate said end risk score;
  
  whereby said generated end risk score determines said risk involved in said activities performed by the user in the organization.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The computer implemented system of claim 10, wherein said scoring engine further comprises a rule engine for applying said predefined rules to the tracked activities, wherein the predefined rules are associated with type of the tracked activities, one of sequence and patterns of the tracked activities, date and time of the tracked activities, and quantity and type of data associated with the tracked activities, wherein the predefined rules are stored in a rule database of said risk management server.
  - 12. The computer implemented system of claim 10, wherein said risk management server further comprises a log database for storing the tracked activities and the generated end risk score of the user.
  - 13. The computer implemented system of claim 10, further comprising a policy server comprising a policy database for storing said security policies of the organization for users and user groups of the organization.
  - 14. The computer implemented system of claim 10, further comprising a graphical user interface for enabling an administrator to create the group risk ranking profiles and said security policies.
  - 15. The computer implemented system of claim 10, wherein said risk management server further comprises a selection module for enabling an administrator to select a time frame for generating the end risk score of the user using a graphical user interface, wherein said score aggregation module generates the end risk score for said selected time frame.
  - 16. The computer implemented system of claim 10, wherein said risk management server further comprises a display module for displaying a report comprising the generated end risk score of the user for each of the associated group risk ranking profiles on a graphical user interface.
  - 17. The computer implemented system of claim 10, wherein said risk management server further comprises a group risk ranking profile database for storing said created group risk ranking profiles.
  - 18. The computer implemented system of claim 10, wherein said risk management server further comprises a comparison module for comparing the end risk score of the user with a threshold range associated with each of the group risk ranking profiles for identifying violations of said security policies by the user.
  - 19. The computer implemented system of claim 10, wherein said risk management server further comprises a deviation module for calculating deviation of the generated end score of the user from one or more previously generated end risk scores of the user for a selected time frame for identifying violations of said security policies by the user.
  - 20. The computer implemented system of claim 10, wherein said points assignment module performs one or more of the steps of:
    - modifying the assigned points at a first level based on one of sequence and patterns of the tracked activities;
      
      modifying the assigned points at a second level based on date and time of the tracked activities; and
      
      modifying the assigned points at a third level based on quantity of data and type of data associated with the tracked activities.

21. A computer program product comprising computer executable instructions embodied in a computer-readable medium, wherein said computer program product comprises:
- a first computer parsable program code for creating a plurality of group risk ranking profiles and security policies for usage of resources of an organization;
  
  a second computer parsable program code for providing a security client application on a computing device of a user;
  
  a third computer parsable program code for tracking activities of said user in said organization using said security client application;
  
  a fourth computer parsable program code for assigning points to said tracked activities of the user based on each of the associated group risk ranking profiles;
  
  a fifth computer parsable program code for aggregating said assigned points to generate a first risk score; and
  
  a sixth computer parsable program code for modifying the assigned points of the tracked activities of the user at different levels based on a plurality of predefined rules, wherein said modified points are aggregated to generate an end risk score, wherein said generated end risk score is used to determine risk involved in activities performed by the user in the organization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Bhaskaran, Prakash

Application Number

US12/487,649
Publication Number

US 20100125911A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06Q 10/10 Office automation; Time man...

Risk Scoring Based On Endpoint User Activities

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

397 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Risk Scoring Based On Endpoint User Activities

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

397 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links